Jump to content

bag-de-body

Members
  • Posts

    2
  • Joined

  • Last visited

Everything posted by bag-de-body

  1. Phew, luckily we do quite a lot of that with regard to physical security. They could get a cherry picker to get up to our office window - but I'm sure our CCTV operators would notice that overnight. During the day we have rabid children patrolling the site :-)
  2. Hmmm... so I'm thinking, how do I defend myself against this thing? Our PCs are fairly locked down - so you wouldn't (for example) be able to use Start>Run as a normal user. Physical security: Don't plug in unknown USB sticks when you're an administrator - common sense really - and naturally enough don't leave your machine physically accessible to third parties anyway. You might be able to detect this on the basis of the speed of typing - even if we assume a really fast typist, there's probably some sort of clue with respect to regularity of the keystrokes. I suppose you could pretend to be a memory stick as well as a HID? We're used to occasionally seeing the "Windows has detected new hardware" message, and most of us will plug in a memory stick without really thinking. (Usually because we think our virus checker will protect us.) Assuming that you did go the Start>Run route, then you could deliver your payload while their back is turned with a wireless click - so they wouldn't see the momentary flash of the dialog on screen. You could even disguise it when they're browsing the net - they'd probably think it was a pop-up. The key thing is to know it's out there, so you're better prepared. That said, if you've physical access, wouldn't it be better to sit as a keylogger in between - perhaps disguised as a USB hub? You'd be more likely to go unnoticed, as you're being passive, not active?
×
×
  • Create New...